I use the latest shopify remix template 2024-10. I’ve built a custom fulfilment service app.
However none of the redirect_urls in the toml file are being triggered when my app gets reinstalled . I’ve test the URL’s, they work fine.
Also the token exchange is not working, either in my backend or in Postman.
POST https://{{store}}.myshopify.com/admin/oauth/access_token
Content-Type: application/json
Accept: application/json
{
"client_id": "REMOVEDFOREXAMPLE",
"client_secret": "REMOVEDFOREXAMPLE",
"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
"subject_token": "shpua_16b0b7267374dc7e9c5ec67a728d8aef",
"subject_token_type": "urn:ietf:params:oauth:token-type:id_token",
"requested_token_type": "urn:shopify:params:oauth:token-type:online-access-token"
}
400 Bad Request
{
"error": "invalid_subject_token",
"error_description": "Token exchange cannot be performed due to an invalid subject token."
}
How can I get a new subject_token when token exchange doesn’t work?
And in remix the session.accessToken stays the same after each reinstall and can’t be used.
const { admin, session } = await authenticate.admin(request);
const accessToken = session?.accessToken;
I’m trying to get hold of an accessToken so i can query a clients shop for my fulfilment orders using remix and a node backend
prakhar
November 21, 2024, 8:35am
2
Hey!
Are you using Shopify’s managed_installs
?
The token exchange only works with Session Token. These token can only be obtained from your app via the app bridge.
It would be a JWT.
Can you tell us where did you get the subject_token
: shpua_16b0b7267374dc7e9c5ec67a728d8aef
?
I got this token in remix. Yes managed installs. Embedded app.
const { admin, session } = await authenticate.admin(request);
const accessToken = session?.accessToken;
prakhar
November 21, 2024, 8:55am
4
Understood. This actually returns the online access token for the user.
What you need is
const sessionToken = await shopify.idToken()
Provided that you are using the app bridge v4.
Thanks for taking time to reply. I’m using Remix and still confused.
Is there any example of how to incorporate this into the remix code?
The shopify.idToken()
method is only accessible in a client-side context (browser) and cannot be used within a Remix loader, which runs on the server side.
The documentation says this is already integrated in to remix app. how or where do i use this?
prakhar
November 21, 2024, 4:58pm
6
Oh wait! Why do you need to use the token exchange API when session?.accessToken
actually gives you the access token itself?
bobby_solo:
pua_1
subject token might be wrong , it should be session token. right now your token seems to be access token
All I’m after is the offline accessToken after App installation to query the Clients Fulfillments requests for me. The documentation is very confusing, send me all over the place. I initially thought I could get the accessToken easily in remix with:
const { admin, session } = await authenticate.admin(request);
const accessToken = session?.accessToken;
Somehow the token I get gives me 401 error even though my scopes and credentials are correct.